Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

test_ssl: use API version to test get_ciphers() #978

Closed
wants to merge 1 commit into from
Closed

test_ssl: use API version to test get_ciphers() #978

wants to merge 1 commit into from

Conversation

vstinner
Copy link
Member

@vstinner vstinner commented Apr 3, 2017

On AIX, ssl.SSLContext.get_ciphers() is not available, whereas
ssl.OPENSSL_VERSION_INFO is (1, 0, 2, 8, 15).

Display also the ssl API version when running test_ssl in verbose
mode.

@vstinner
test_ssl: use API version to test get_ciphers()
99dd9d9 
On AIX, ssl.SSLContext.get_ciphers() is not available, whereas
ssl.OPENSSL_VERSION_INFO is (1, 0, 2, 8, 15).

Display also the ssl API version when running test_ssl in verbose
mode.
@vstinner
Copy link
Member Author

vstinner commented Apr 3, 2017

@edelsohn: Can you please try this change on AIX?

@edelsohn
Copy link

edelsohn commented Apr 3, 2017

This test has a number of problems on AIX, possibly related to known problems with ca-cert-bundle.

@tiran
Copy link
Member

tiran commented Apr 3, 2017

Note: I'm going to deprecate old versionsand require a recent version of OpenSSL 1.0.2+ or LibreSSL 2.5+ rather soon.

@vstinner
Copy link
Member Author

vstinner commented Apr 3, 2017

Note: I'm going to deprecate old versionsand require a recent version of OpenSSL 1.0.2+ or LibreSSL 2.5+ rather soon.

According to test_ssl output of Python master on AIX, the buildbot slave does use a recent version:

test_ssl: testing with 'OpenSSL 1.0.2h  3 May 2016' (1, 0, 2, 8, 15)
          under 'AIX-2-00FA74164C00-powerpc-32bit'
          HAS_SNI = True
          OP_ALL = 0x-7ffffc01
          OP_NO_TLSv1_1 = 0x10000000

@vstinner
Copy link
Member Author

vstinner commented Apr 3, 2017

@edelsohn: What is the value of ssl._OPENSSL_API_VERSION on this buildbot?

@edelsohn
Copy link

edelsohn commented Apr 4, 2017 via email

@vstinner
Copy link
Member Author

vstinner commented Apr 4, 2017

Ok, it confirms my guess on the AIX buildbot: API version != OpenSSL version:

  • version: 'OpenSSL 1.0.2h 3 May 2016' (1, 0, 2, 8, 15)
  • API version: (1, 0, 1, 5, 15)

So my change should fix test_ssl.test get_ciphers() on AIX (skip the test).

vstinner
vstinner commented Apr 21, 2017
View reviewed changes
Lib/test/test_ssl.py
@@ -877,7 +877,8 @@ def test_ciphers(self):
with self.assertRaisesRegex(ssl.SSLError, "No cipher can be selected"):
ctx.set_ciphers("^$:,;?*'dorothyx")

@unittest.skipIf(ssl.OPENSSL_VERSION_INFO < (1, 0, 2, 0, 0), 'OpenSSL too old')
@unittest.skipIf(ssl._OPENSSL_API_VERSION < (1, 0, 2, 0, 0),
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hum, the test lacks hasattr () test here.

@vstinner
Copy link
Member Author

Sorry, I just lost track of this PR. Since I don't recall exaclty why I wanted to make this change (probably fix a test failure on our AIX buildbot), I will just close it.

@vstinner vstinner closed this Jun 14, 2017
@vstinner vstinner deleted the ssl_api_version branch June 14, 2017 21:32
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
4 participants
@vstinner @edelsohn @tiran @the-knights-who-say-ni